Questions regarding Skupper certificate management #2241
-
|
Hi there, I have a few questions regarding Skuppers mTLS certificates. The documentation suggests that it is possible to use Skupper with a shared CA as well as with a single CA per site. Assuming this is the case, I have the following questions:
Thanks in advance. |
Beta Was this translation helpful? Give feedback.
Replies: 1 comment 1 reply
-
|
The answer to this one depends on which major version of Skupper you are on. In version 2.0 we are actively working on this - it should be able to handle what you are looking for from 2.1.0+. This may help get you started if that is the case: https://github.com/skupperproject/skupper/tree/main/doc/tls. Skupper 1.x has an option to supply a |
Beta Was this translation helpful? Give feedback.
-
|
Thank you for the explanation! |
Beta Was this translation helpful? Give feedback.
Hi @benedictweis
The answer to this one depends on which major version of Skupper you are on.
In version 2.0 we are actively working on this - it should be able to handle what you are looking for from 2.1.0+. This may help get you started if that is the case: https://github.com/skupperproject/skupper/tree/main/doc/tls.
Skupper 1.x has an option to supply a
skupper-site-caSecret to a kubernetes site - so you'd have to actually give each site a CA certificate it can use to issue its own certificates. Rotating client and server certificates and CAs wasn't really supported (without destroying and re-initializing a site.)